diff --git a/README.md b/README.md
index dd85bb0..12f1a1d 100644
--- a/README.md
+++ b/README.md
@@ -76,6 +76,7 @@ No modules.
| [opensearch\_modsec\_audit\_host](#input\_opensearch\_modsec\_audit\_host) | domain endpoint for the opensearch cluster | `string` | `""` | no |
| [proxy\_response\_buffering](#input\_proxy\_response\_buffering) | nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the proxy\_buffer\_size and proxy\_buffers directives. If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk. https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering | `string` | `"off"` | no |
| [replica\_count](#input\_replica\_count) | Number of replicas set in deployment | `string` | n/a | yes |
+| [upstream\_keepalive\_time](#input\_upstream\_keepalive\_time) | Limits the maximum time during which requests can be processed through one keepalive connection. After this time is reached, the connection is closed following the subsequent request processing. | `string` | `"1h"` | no |
## Outputs
diff --git a/main.tf b/main.tf
index 496c3f2..3a415c0 100644
--- a/main.tf
+++ b/main.tf
@@ -50,16 +50,18 @@ resource "helm_release" "nginx_ingress" {
version = "4.7.3"
values = [templatefile("${path.module}/templates/values.yaml.tpl", {
- metrics_namespace = "ingress-controllers"
- external_dns_annotation = local.external_dns_annotation
- replica_count = var.replica_count
- default_cert = var.default_cert
- controller_name = var.controller_name
- controller_value = "k8s.io/ingress-${var.controller_name}"
- enable_modsec = var.enable_modsec
- enable_latest_tls = var.enable_latest_tls
- enable_owasp = var.enable_owasp
- keepalive = var.keepalive
+ metrics_namespace = "ingress-controllers"
+ external_dns_annotation = local.external_dns_annotation
+ replica_count = var.replica_count
+ default_cert = var.default_cert
+ controller_name = var.controller_name
+ controller_value = "k8s.io/ingress-${var.controller_name}"
+ enable_modsec = var.enable_modsec
+ enable_latest_tls = var.enable_latest_tls
+ enable_owasp = var.enable_owasp
+ keepalive = var.keepalive
+ # https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#upstream-keepalive-time
+ upstream_keepalive_time = var.upstream_keepalive_time
proxy_response_buffering = var.proxy_response_buffering
default = var.controller_name == "default" ? true : false
name_override = "ingress-${var.controller_name}"
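Review bot: The comment added above `upstream_keepalive_time` is a bare URL, so a reader cannot tell how this key differs from the neighbouring `keepalive` without following the link. Going by the ConfigMap key name, it applies to connections towards upstream backends, so a one-line summary before the link would help, e.g. `# Max lifetime of a keepalive connection to an upstream backend; see https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/#upstream-keepalive-time`. The ten re-added keys differ only in alignment. The `helm_release` resource and the `templatefile` map both extend outside this hunk.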
diff --git a/templates/values.yaml.tpl b/templates/values.yaml.tpl
index e44c2f2..68a9880 100644
--- a/templates/values.yaml.tpl
+++ b/templates/values.yaml.tpl
@@ -169,6 +169,7 @@ controller:
proxy-body-size: "50m"
keepalive: ${keepalive}
proxy-buffering: "${proxy_response_buffering}"
+ upstream-keepalive-time: "${upstream_keepalive_time}"
%{ if enable_latest_tls }
ssl-protocols: "TLSv1.2 TLSv1.3"
diff --git a/variables.tf b/variables.tf
index 804d88f..010920a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -74,6 +74,12 @@ variable "keepalive" {
default = 320
}
+variable "upstream_keepalive_time" {
+ description = "Limits the maximum time during which requests can be processed through one keepalive connection. After this time is reached, the connection is closed following the subsequent request processing."
+ type = string
+ default = "1h"
+}
+
variable "proxy_response_buffering" {
description = "nginx receives a response from the proxied server as soon as possible, saving it into the buffers set by the proxy_buffer_size and proxy_buffers directives. If the whole response does not fit into memory, a part of it can be saved to a temporary file on the disk. https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering"
type = string
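Review bot: `upstream_keepalive_time` is declared as an unconstrained `string`, and the templates/values.yaml.tpl hunk interpolates it between double quotes at `upstream-keepalive-time: "${upstream_keepalive_time}"`. A value containing a quote or a newline would therefore change the structure of the rendered Helm values. A malformed duration would presumably only be noticed once the controller tries to apply the ConfigMap, not at plan time. A `validation` block on the variable rejects both cases early; the pattern below accepts a single nginx time value and should be widened if combined values are wanted. The new variable block lies entirely inside the hunk, while the following `proxy_response_buffering` block continues past it.

```hcl
variable "upstream_keepalive_time" {
  # … unchanged: description, type, default …

  validation {
    # Single nginx time value (e.g. "30m", "1h"); widen if combined values such as "1h 30m" are needed.
    condition     = can(regex("^[0-9]+(ms|[smhdwMy])?$", var.upstream_keepalive_time))
    error_message = "upstream_keepalive_time must be an nginx time value such as \"30m\" or \"1h\"."
  }
}
```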